I am trying to find computers that have not communicated with a DC for a more than a certain amount of time. The problem is that if I specify 60 days I get some results. When I specify 50 days I get no results. I would have thought that I would get the same number of results or more. This is the script I’m using:
[CmdletBinding()]
param (
[Parameter(HelpMessage="The amount of days since a computer has communicated with a Domain Controller")]
[int]
$days = 60
)
$lldate = [DateTime]::Today.AddDays(-$days)
Write-Verbose "`$lldate is $lldate"
$stalecomputers = Get-ADComputer -Filter "PasswordLastSet -lt '$lldate'" -Properties PasswordLastSet | Select-Object name,PasswordLastSet | Out-String
Write-Output $stalecomputers
Another thing is that when I specify 30 days I get computer objects that have changed their password within 30 days, so something is not working correctly. I am stuck on this despite looking through google and I see this is what people are doing.
I have included in the script the part where I send an email of this list, thats why I have included Out-String at the end of the pipeline where I get the computers. Is there a better way to convert this into an email?
The syntax for the filter string for the AD cmdlets confuses me as well almost every time unless it is not something super easy.
This should work though:
[CmdletBinding()]
param (
[Parameter(HelpMessage = 'The amount of days since a computer has communicated with a Domain Controller')]
[int]$days = 60
)
$lldate = [DateTime]::Today.AddDays(-$days)
Write-Verbose "`$lldate is $lldate"
$stalecomputerList = Get-ADComputer -Filter 'PasswordLastSet -lt $lldate' -Properties PasswordLastSet
$stalecomputerList | Select-Object Name, PasswordLastSet
I’d recommend to use a -SearchBase to reduse the stress you put on your AD.
I found that with the first command Get-ADComputer -Filter “PasswordLastSet -lt ‘$time’”, I don’t get accurate info, especially when I reduce the number of days to 30 I get results that show computers with a password last set within the 30 days.